Check Microsoft's implementation, even Apple's (with both Mac OS X and 
the iPhone). I believe all of these offer L2TP inside of IPsec. I 
thought they also offer PPTP inside of IPsec.

Someone on the list can confirm this.

It's been my experience that customers are using these protocols (L2TP 
and PPTP) protected by IPsec and are also using RADIUS for 
authentication. Essentially, Solaris would need these embedded into the 
OS if we are to be a server to the existing VPN client base.

So, do readers here want Sun on the edge of the network to receive 
terminations of VPN requests?

Dan McDonald wrote:
> On Mon, Oct 29, 2007 at 03:03:35PM -0700, Darren Reed wrote:
>   
>>> If PPTP/L2TP (L2TP is a descendent of PPTP, if memory serves...) doesn't
>>> require changes to our IKE, you could propose it as a completely
>>> community-driven project here on OpenSolaris.  Otherwise it's going to need
>>> to be half-and-half (like IPsec Tunnel Reform).
>>>  
>>>
>>>       
>> I think it would be very poor to architect the delivery of L2TP
>> in OpenSolaris to require anything to do with IKE.
>>     
>
> I agree.  But I'm curious about the protocols themselves.  ISTR there being
> unusual requirements for IPsec-protected L2TP, but maybe I'm remembering
> wrong.
>
>   
>> I'd like to see L2TP in OpenSolaris provide a GLDv3 driver.
>>
>> I'm also interested to see if the L2TP driver, along with the
>> tun driver, could implement an "IP" MAC type where the
>> MAC addresses are actually IP addresses.
>>     
>
> Do you mean like the Clearview IP Tunnelling driver?  I think you'll get your
> wish sooner than you think.  ;)
>
> Dan
>   

-- 
Mark Thacker
Product Line Manager, Solaris Security & Naming Services
9430 Blackthorn Trail
Frisco, TX 75034
mark.thacker at sun.com
ph : 972-992-3178
